The Cryptographic Message Syntax (CMS) ( RFC 5652)
specifies the MessageDigest attribute to be included as an signed attribute in a
SignerInfo for representing the hash value computed on the content data:

As soon as there are any signed attributes are present, the MessageDigest
attribute has to be included to "keep" the original hash computed on the
content data. Note that when signed attributes are present in fact two
hash values are calculated: the first one over the content data (giving
the value of the MessageDigest attribute) and the second one over the
DER encoding of the signed attributes (giving the final signature value
itself).

When creating a CMSMessageDigest attribute
the hash value has to be supplied: